Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)

To: BALLABIO GERARDO <GERARDO.BALLABIO@mpsgr.it>
Cc: debian-devel@lists.debian.org
Subject: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
From: Steve Kemp <skx@debian.org>
Date: Wed, 14 May 2008 10:08:11 +0100
Message-id: <[🔎] 20080514090811.GA1181@steve.org.uk>
In-reply-to: <[🔎] 53F5051F689FD84AB8A2A5A27BE251958599BA@se000010010046.servinternet.local>
References: <[🔎] 53F5051F689FD84AB8A2A5A27BE251958599BA@se000010010046.servinternet.local>

On Wed May 14, 2008 at 10:21:18 +0200, BALLABIO GERARDO wrote:

> If so, and if that was the ONLY entropy source used in generating keys,
> then upstream openssl is (and has always been) just as broken as the
> patched Debian package. 

  It wasn't.

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/

Reply to:

References:
- Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
  - From: BALLABIO GERARDO <GERARDO.BALLABIO@mpsgr.it>

Prev by Date: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
Next by Date: Re: analyzing popcon data for bogus recommends
Previous by thread: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
Next by thread: Re: Is openssl actually safe now? (was: debian infrastructure ssh key logins disabled, passwords reset)
Index(es):
- Date
- Thread